[Samba] winbind - security hole?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Mon Mar 20 08:38:12 GMT 2006
On Mon, Mar 20, 2006 at 08:54:22AM +0100, Roland Schwarz wrote:
> Consequently if someone is having root access on any single workstation,
> he can modify the mapping at will to get root access to the entire
> domain. The only remedy I can see is to disallow root access on all
> workstations (which is a very undesirable fact).
But right now the only possibility.
> Are I am missing something, or is there a different setup possible to
> omit this security loophole?
No, you are right. In Samba trunk we have started working on
the unixinfo RPC pipe that eventually will fix this. But
it's not finished yet.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20060320/572c8511/attachment.bin
More information about the samba
mailing list